Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Adding and managing LEM users

Adding and managing LEM users

Updated: September 15, 2017

Access to LEM data requires a user account. Even basic access, such as receiving notifications sent by LEM through email or SMS text message, requires a user account.

About LEM roles

To restrict user access to sensitive data, user accounts need to be assigned to a LEM role. There are six LEM role types: Administrator, Auditor, Monitor, Contact, Guest, and Reports. Role types are described in the following table.

Role Description
Administrator

The default user. This role cannot be deleted and has full access to the LEM console.

SolarWinds does not recommend multiple users sharing the Admin account for auditing purposes.

Auditor User has extensive view rights to the system, but cannot modify anything other than their own filters.
Monitor User has read-only access to the LEM console. See Specify the filters that users assigned the Monitor role can use in the LEM console to configure the filters assigned to this role. Users assigned to this role cannot edit filters.
Contact User cannot log in to the LEM console, but can receive external notifications such as email sent to either the user's email address, imported distribution lists, or cellular email-to-SMS addressees for texts. Use this role if you have an external incident resolution or trouble ticket system, or if you have a user who does not need to access the console.
Guest User has extensive view rights to the system, but cannot modify anything other than their own filters.
Reports User cannot log in to the LEM console, but can access the LEM reports application. This role can access the LEM database over a secure channel if TLS encryption is enabled. See Enable transport layer security (TLS) in the LEM reports application for details.

About LEM user accounts

There are two ways to add a user account in LEM:

  • Add an Active Directory user account
  • Create a local user account

SolarWinds recommends using Active Directory accounts if Microsoft Active Directory is in use at your organization.

Each user should have a valid email address so that the user can receive notifications sent by LEM. SolarWinds recommends that you create distinct users for each individual who needs to receive email notifications from LEM Manager. If you want to send identical notifications to your IT department personnel, associate a distribution list email address to all relevant users.

To establish minimum password requirements for local user accounts in LEM, see Set the global password policy for LEM users.

How Active Directory accounts work in LEM

You can configure LEM to allow users to log in with their Active Directory credentials. Using Active Directory for user authentication means you do not have to maintain duplicate user accounts in LEM, and users do not have to remember an additional user name and password just for LEM.

See Set up Active Directory authentication in LEM to configure LEM to allow users to log in with their Active Directory credentials.

LEM roles are mapped to DS groups in Active Directory if AD authentication is enabled.

See Configure or view Active Directory authentication settings in LEM to look up which Active Directory groups are mapped to LEM roles.

LEM supports Active Directory single sign-on. If single sign-on is enabled, users can bypass the LEM login screen and go straight to the application if they are already logged in to another application that accepts the user's AD credentials.

See Set up single sign-on (SSO) in LEM to configure LEM to allow users to bypass the LEM login screen if they are already logged in to an application that accepts the user's AD credentials.

LEM can use Active Directory groups of Windows users and computer accounts in LEM rules and filters. Any changes made to users or groups in Active Directory propagate to rules and filters in LEM.

See Configure directory service (DS) groups in LEM for details.

 

Import an Active Directory user into LEM

Before you create an Active Directory user account:

  • Complete the steps in this topic: Set up Active Directory authentication in LEM

  • Be sure to either map your Active Directory groups to LEM security groups, or create at least one custom security group in Active Directory for LEM to use. If you created custom LEM security groups in Active Directory, populate the groups with AD users before continuing. See Create custom security groups in Active Directory for LEM to use for details.

  • Verify that the user account includes a valid email address.

    LEM requires an email address to create a user account. LEM uses the email address to send the user a notification when an assigned alert event occurs.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

  3. Click    and select Import LEM User. The Import Users form opens.

  4. Complete the Import Users form and click Import.

     

    Field Description
    LEM Groups Select the LEM security group that the Active Directory user belongs to.
    Search User Type at least the first three characters of the user name.
    Search Click to find matching users.
    Available Users Select one or more users to import and click the green and white arrow button.
    Selected Users Lists the AD user (or users) to import.

    The Active Directory user is imported.

Create a local LEM user account

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

    If you have multiple LEM Manager instances, open the menu next to the    and choose the LEM Manager instance that you want to add the user account to.

  3. Click   and select LEM User.

  4. Complete the form in the "User Information for: <New User>" section, and then click Save. See the following table for help with form fields.

    The local user account is added to the Users grid.

The "User information for..." form

Field Description
User Name Enter a user account name. You cannot use admin_role, audit_role, or reports_role for the user name.
First Name Enter the user's first name.
Last Name Enter the user's last name.
Password

Enter a user password to access the Manager. This can be an initial system password or a temporary password that is assigned to replace a forgotten password.

If you are creating a Contact user, a password is not required.

If the Must Meet Complexity Requirements check box is selected in the Manage > Appliance > Properties > Settings tab, the console enforces the following policy:

  • Passwords must have a minimum of six characters. Spaces are not allowed.
  • Passwords must have two of the following three attributes: at least one special character, at least one number, and a mix of lowercase and uppercase letters.
Confirm Password Enter the password again.
LEM Role

Select a LEM role for this user.

  • Administrator has full access to the system, and can view and modify everything.
  • Auditor has extensive view rights to the system, but cannot modify anything other than their own filters.
  • Monitor can access the console, cannot view or modify anything, and must be provided a set of filters. See Specify the filters that users assigned the Monitor role can use in the LEM console for steps.
  • Contact cannot access the console, but can receive external notification.
  • Guest has extensive view rights to the system, but cannot modify anything other than their own filters.
  • Reports cannot log in to the LEM console, but can log in to the LEM reports application. This role can access the LEM database over a secure channel if TLS encryption is enabled. See Enable transport layer security (TLS) in the LEM reports application for details.
View Role Click to open the role privileges assigned to the new user. Role privileges cannot be changed.
Description Type a brief description (up to 50 characters). For example, provide the user title, position, or area of responsibility.
Contact Information

Enter an email address. LEM Manager notifies users by email about network security events. You can add as many email addresses as required.

  1. Type an email address and click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1300-Users_view_in_the_LEM_console/button-plus_12x11.png to add the address to the Contact Information box. Use the following format:

    username@example.com

  2. Click Save, and then click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1300-Users_view_in_the_LEM_console/lem-ug-test-email-address.png to send a test email to the email address.
  3. Verify that the user received the email test message.

    If the message was not received, edit the email address or adjust the email connector settings in the manager.

  4. Repeat these steps to add additional email addresses.

View user accounts in the LEM console

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

    The Users grid opens.

  3. Click a column heading to sort the table. For example, click LEM Role to sort users by role. Click again to reverse-sort.

View the system privileges associated with a role

After you select a user role, you can click View Role to view the system privileges associated with the user role.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

    The Users grid opens.

  3. Select a user in the Users grid.

    Details about the user display in the User Information pane.

  4. In the User Information pane, click View Role.

    The Privileges pop-up window opens.

    This information in the Privileges pop-up window is read-only and cannot be changed.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0270-Adding_and_managing_LEM_users/privileges.png

  5. Click Close to return to the console.

Edit user account settings

You can update all user settings in the Build > Users view. Only the description and role can be edited for Active Directory users.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

  3. In the Users grid, click  next to a user and select Edit.

  4. Update the user information in the User Information pane.

    To delete an email address, click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/0270-Adding_and_managing_LEM_users/icon-deleteemail.png next to each email address you want to delete.

  5. Click Save.

    The user information is updated.

To establish minimum password requirements for local user accounts in LEM, see Set the global password policy for LEM users.

Delete a user account from a LEM Manager instance

You cannot delete the admin user from the system.

  1. Open the LEM console. See Log in to the LEM web console or Log in to the LEM desktop console for steps.

  2. Click Build > Users.

  3. In the Users grid, locate the user you want to delete.

  4. In the Users grid, click   next to the targeted user and select Delete.

  5. When prompted, click Yes to confirm the delete.

    The user is removed from the Users list and is no longer authorized to use the Manager.

Last modified

Tags

Classifications

Public